package com.xrh.xdemo.service.xss;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

import cn.hutool.core.util.StrUtil;
 
/**
* @function 防xss攻击过滤器
* @author 肖荣辉
* @date 2018年7月17日
*/
@WebFilter(filterName="xssFilter" , urlPatterns={"/*"})
public class XssFilter implements Filter {
	
 
    /**
     * 初始化方法
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    	
    }
    
    /**
     * 过滤方法
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    	
    	//文件上传不过滤
    	String contentType = request.getContentType();
    	
		if(StrUtil.isNotBlank(contentType) && contentType.contains("multipart/form-data") ) {
			chain.doFilter(request , response);
			return ;
		}
		
    	XSSHttpServletRequestWrapper xssWrapper = new XSSHttpServletRequestWrapper((HttpServletRequest) request);
        
        //用包装后的request往下传递
        chain.doFilter(xssWrapper , response);
    }
    
}
